Beware e-Christmas cards. There’s a virus going round.

MSE_Martin

I received what looked like a genuine hallmark greeting card. All looked right, barring the main link which clicked to a virus. If you get e-cards, first check they’re from someone you know – don’t open any that aren’t.

Then hover your mouse over the link to check it goes to a legitimate site, before clicking. And always ensure your virus checker is switched on.

Click reply below to discuss

[threadbanner]box[/threadbanner]

Heinz

Not to be confused with the hoax email about a Hallmark postcard currently doing the rounds again:

http://www.hoax-slayer.com/postcard-virus-hoax.shtml

kalaka

It's really not safe to open these e-cards at all. 2 ways to reduce risk:

1. Use a webmail account. Gmail for example virus scans all email automatically. Their virus scanners should be up to date.

2. Open e-cards and other dodgy attachments in a sandbox. Download and install https://www.sandboxie.com. This ringfences whatever you open in it then deletes it on closure.

cloughja

Hovering over with your mouse will not necessarily reveal the correct site. A safer way would be to view the HTML source then copy and paste the URL into google and check if it comes back as a risk-free site. However this is too much hassle :-)

There's always going to be some new threat - make sure you've got up-to-date anti-virus and anti-spyware and a firewall and a secure browser (not IE) and you should be fine.

Some other tips:
don't open attachments or follow links from mails recieved from people you don't know.
if you get a mail from someone you do know that looks weird then they may have a virus which sends mail to eveyone they know - this happened to me the other day on a mail from my Dad.
Never follow links from mails from companies (e.g. banks, ebay, paypal). Use google to get to the correct site and bookmark it

System

Just don't send e-cards!

However if you receive one from someone you know or not. Just delete it. Without reading. If you had to come here and read this and this is news to you, then chances are you will catch the virus even by just opening/reading it. It sucks but its true.

kalaka wrote: »

2. Open e-cards and other dodgy attachments in a sandbox. Download and install www.sandboxie.com. This ringfences whatever you open in it then deletes it on closure.

Listen to Security Now by any chance? :P

mateypeeps

kalaka wrote: »

It's really not safe to open these e-cards at all. 2 ways to reduce risk:

1. Use a webmail account. Gmail for example virus scans all email automatically. Their virus scanners should be up to date.

2. Open e-cards and other dodgy attachments in a sandbox. Download and install www.sandboxie.com. This ringfences whatever you open in it then deletes it on closure.

In the version of Live-HotMail that I use, you can right click and chose "view message source" and see the entire contents of the mail in text only, so no html enabled bugs or trojan dropping java script activity possible.

You can then look at the name of the sender, and the links and where they really go to, and if the email is filled with garbage associated with a buffer overflow attack, etc.

If suspicious, junk it.

PrinceGaz

I have only one approach to e-cards that turn up with links in my email, and it is an approach I would recommend everyone follows.

Delete the e-card if you are not certain there is sufficient info included with it to verify that you know the sender is a personal friend or colleague.

If you do know the sender, rather than take a chance with one of the most widely used ways of exploiting web-browser vulnerabilities (which can lead to your computer becoming infected), email the sender of the card thanking them for it but let them know that for security reasons you did not view the card they sent.

PrinceGaz

mateypeeps wrote: »

In the version of Live-HotMail that I use, you can right click and chose "view message source" and see the entire contents of the mail in text only, so no html enabled bugs or trojan dropping java script activity possible.

You can then look at the name of the sender, and the links and where they really go to, and if the email is filled with garbage associated with a buffer overflow attack, etc.

If suspicious, junk it.

Even if the email is not filled with garbage associated with a buffer under/over-run attack, a quite harmless looking link to view the "greeting card" could send you to a site with code designed to exploit some recently discovered browser vulnerability which has not been patched and which your AV software might not yet be aware of (so called 0-day attacks). Large botnets are established by exploiting unpatched vulnerabilities, and clicking on unsolicited links sent by email is the easiest way for those persons to get more computers infected.